• Nie Znaleziono Wyników

Exploring solutions to the privacy paradox in the context of e-assessment

N/A
N/A
Protected

Academic year: 2021

Share "Exploring solutions to the privacy paradox in the context of e-assessment"

Copied!
17
0
0

Pełen tekst

(1)

Exploring solutions to the privacy paradox in the context of e-assessment

informed consent revisited

Muravyeva, Ekaterina; Janssen, José; Specht, Marcus; Custers, Bart DOI

10.1007/s10676-020-09531-5 Publication date

2020

Document Version Final published version Published in

Ethics and Information Technology

Citation (APA)

Muravyeva, E., Janssen, J., Specht, M., & Custers, B. (2020). Exploring solutions to the privacy paradox in the context of e-assessment: informed consent revisited. Ethics and Information Technology, 22(3), 223-238. https://doi.org/10.1007/s10676-020-09531-5

Important note

To cite this publication, please use the final published version (if applicable). Please check the document version above.

Copyright

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons. Takedown policy

Please contact us and provide details if you believe this document breaches copyrights. We will remove access to the work immediately and investigate your claim.

(2)

https://doi.org/10.1007/s10676-020-09531-5

ORIGINAL PAPER

Exploring solutions to the privacy paradox in the context

of e‑assessment: informed consent revisited

Ekaterina Muravyeva1  · José Janssen1  · Marcus Specht2 · Bart Custers3

Published online: 24 April 2020 © The Author(s) 2020 Abstract

Personal data use is increasingly permeating our everyday life. Informed consent for personal data use is a central instru-ment for ensuring the protection of personal data. However, current informed consent practices often fail to actually inform data subjects about the use of personal data. This article presents the results of a requirements analysis for informed consent from both a legal and usability perspective, considering the application context of educational assessment. The requirements analysis is based on European Union (EU) law and a review of current practices. As the main outcome, the article presents a blueprint which will be the basis for the development of an informed consent template that supports data controllers in establishing an effective and efficient informed consent form. Because the blueprint, and subsequently, the template, distin-guishes between legal and usability requirements, it also provides the basis for the mapping of legal requirements in other (non-European) contexts.

Keywords Informed consent · Personal data · Sensitive data · e-Assessment · Privacy paradox

Introduction

Technology is increasingly permeating our day-to-day expe-riences in education, work, and leisure activities. A recent report by the Rathenau Institute (Van Est et al. 2014) states that the “new technological wave” requires further study

from legal and ethical perspectives. The report distinguishes four levels of human-technology interaction: technology in us (e.g., pills that, once inside a human body, can monitor the body’s condition and/or support its proper functioning); technology between us (e.g., mobile phones and social net-works that allow people to become connected and communi-cate with each other); technology about us (e.g., navigation systems that determine current location and lead along a pro-grammed route or video surveillance for security purposes); and technology just like us (e.g., robots that are programmed to perform tasks delegated to them). Regardless of the pre-cise level of interaction, human-technology interaction is challenging, particularly when (sensitive) personal data is involved, such as in health care or educational assessments (Kobsa et al. 2016; Wang and Kobsa 2013). This aspect brings legal and ethical challenges related to the accept-ance of these technologies and the use of personal data: consenting to the use of personal data requires reading and understanding information provided to reach an informed decision.

A growing number of studies shows that obtaining informed consent is a complicated process (Bashir et al. 2015; Böhme and Köpsell 2010; Lin and Loui 1998). Even if people indicate that the protection of their personal data is important, this does not mean that they pay attention to This publication reflects the views of the authors only, and the

European Commission cannot be held responsible for any use, which may be made of the information contained therein. * Ekaterina Muravyeva ekaterina.muravyeva@ou.nl José Janssen jose.janssen@ou.nl Marcus Specht m.m.specht@tudelft.nl Bart Custers b.h.m.custers@law.leidenuniv.nl

1 Open University of the Netherlands, Valkenburgerweg 177,

6401 DL Heerlen, The Netherlands

2 Delft University of Technology, Mekelweg 5, 2628 CD Delft,

The Netherlands

3 Leiden University, Rapenburg 70, 2311 EZ Leiden,

(3)

the details of requests for personal data before they give con-sent (Elsen et al. 2014). This contradiction between attitudes towards personal data protection and actual behaviour is referred to as the privacy paradox (Norberg et al. 2007). Sch-ermer et al. (2014) speak of “consent desensitisation” and “a crisis of consent”. However, the authors analyse this situa-tion not in terms of a contradicsitua-tion between people’s attitude and actual behaviour but in terms of a tension between the intention of the law and current practice. In effect, the risks for both the data subject (a person requested to consent) and the data controller (a person or entity requesting consent) are the same. The data subject risks consenting to the use of personal data to which, in fact, he/she would rather not. For the data controller, inadequate consent carries the risk of not being able to fully rely on the consent obtained (Schermer et al. 2014). The authors propose to address the crisis of consent by adopting a differentiated system of consent, in which unambiguous or explicit consent is sought only “when it really matters”, when the decision may involve serious risks or consequences. Although this system may certainly help counter consent desensitisation, the question of how to facilitate informed decision-making in situations where it is deemed necessary remains.

A study by Wilkowska and Zielfe (2011) on the accept-ance of e-health technology illustrates that the privacy para-dox exists in these situations as well. In fact, this study gives rise to further ethical concerns, as it revealed that the privacy paradox may even be reinforced when the use of personal data appears riskier: in this study, less healthy people indi-cated that they were less concerned about the secure storage of their personal data than healthy people. As a possible explanation of this effect, Burgess (2007) speaks of a poten-tial trade-off between benefits and risks: even if people are aware of the risks involved, they may feel tempted or basi-cally be forced to consent to gain access to a particular prod-uct or service. Similarly, Böhme and Köpsell (2010) mention a perceived lack of choice as a possible explanation for the privacy paradox: people do not see alternative options, and therefore, they see no reason to delve into the details of what they are consenting to. Other explanations they provide are inaptitude and habituation. Inaptitude refers to the fact that people may not have the appropriate knowledge and skills to understand the information provided; they may underes-timate or be entirely unaware of the risks associated with the use of personal data. Relatedly, Jensen and Potts (2004) showed that highly educated people better understand what they are consenting to. Finally, habituation refers to the fact that people may have developed a habit to ‘blindly’ con-sent so that they can continue doing what they planned to do without spending time on matters that fall beyond their immediate interest. Habituation is of particular concern, as it appears to indicate that solutions designed to obtain consent have resulted in the completely opposite effect. Instead of

being informed, people have grown accustomed to ignoring important information; of course, once developed, habits are difficult to unlearn (Greener 2016).

In the context of educational assessment, various state-of-the-art technologies using (sensitive) personal data are currently being explored to enable reliable e-assessments (Gaytan and McEwen 2007; Jones 2011; McCann 2010; Noguera et al. 2017; Underwood and Szabo 2003). e-Assess-ment potentially offers many advantages, for instance, a greater speed of marking, immediate feedback, and a more entertaining assessment experience (Jisc 1993). However, e-assessment also introduces challenges for an educational institution, concerning the quality of assessment and the prevention of fraud. In this regard, the TeSLA project con-sortium (https ://tesla -proje ct.eu/) developed technology for identity and authorship verification, including instruments for face and voice recognition, keystroke dynamics, plagia-rism detection and writing style analysis (Muravyeva et al. 2019). In this context, obtaining informed consent poses the same challenge of ensuring that students read and understand how these instruments operate and how their (sensitive) per-sonal data are used so that they can reach an informed deci-sion (Drachsler and Greller 2016). Another challenge lies in the European General Data Protection Regulation (GDPR) that came into force as of May 2018. The adoption of the GDPR is a crucial step in the recognition of the value of per-sonal data and the importance of perper-sonal data protection. The GDPR articulated requirements for the use of personal data that, among others, included an expansion of the data subject’s rights and strengthening of the data controller’s responsibilities. However, these expansions increased the complexity of informed consent (Feiler et al. 2018; O’Brien 2016; Jansen 2017). To ensure that informed consent is per-formed in accordance with the GDPR, the data controller should develop a set of legal, technical, and organisational measures prior to an informed consent procedure.

The privacy paradox and the new legislation underline the need for clear guidelines for data controllers regarding informed consent for the use of personal data. To that end, we aim to develop a blueprint for an informed consent tem-plate by following a design-based research approach (Edel-son 2009; Plomp 2010). The blueprint will be developed in the application context of e-assessment but can be inte-grated and applied in any context in which people may be asked to consent to the use of personal data, for instance, for online services, participation in research, and the review of such research by a research ethics committee. The context of e-assessment constitutes the direct cause for the develop-ment of the blueprint. However, the results of the require-ments analysis described in this paper are generic in the sense that they address the following questions:

(4)

Q2 What are the GDPR requirements for the data con-trollers to be used in the development of informed consent?

Q3 What are the usability requirements for the data sub-jects considering informed consent?

Q2 and Q3 are related to the concept of usability, i.e., the extent to which a product can be used to achieve specific goals in an effective, efficient, and satisfactory way (ISO 1998). An effective, efficient, and satisfactory informed consent procedure requires that the information provided in an information letter is complete (Q2) and presented in a way that facilitates uptake and comprehen-sion (Q3). To address Q2, we analyse the GDPR, which is specific to the European context. However, as mentioned above, the GDPR requirements are quite extensive; thus, we expect that there will be considerable overlap with the legal requirements in other countries. Q3 is addressed by reviewing relevant practice and usability studies regard-ing informed consent.

Analysis of the requirements will result in a blueprint that provides the basis for an informed consent template to be evaluated in a usability study. Usability studies often refer to the “user” more generally, but in the context of informed consent, there are two user groups: data sub-jects and data controllers. As will be explained in more detail in section “Blueprint design”, the primary user of the informed consent template is the data controller. Hence, the usability study results reported in this paper address the question:

Q4 How do the data controllers experience working with an informed consent template derived from the blue-print developed in this study?

Method

Requirements analysis

First of all, the GDPR was analysed to derive legal require-ments and conditions for informed consent as well as defi-nitions of “consent”, “personal data”, “processing”, “data subject”, and “data controller”.

Further, in order to develop an understanding of the state of the art regarding informed consent practices, a traditional (rather than a systematic) literature review was conducted (Jesson et al. 2011), using the following search terms: “informed consent” and “personal data”. “Assess-ment”, “technology” and “education” were added to indi-cate a field of application. The search was conducted using the advanced search option “keywords” in the databases of leading publishers in the fields of education, technology, and law. The search resulted in 672 articles, from which a fur-ther selection was made by applying additional criteria. The first results were quickly scanned and analysed to exclude duplicates; 212 duplicates were removed at this stage. Then, the abstract of each article was analysed to select only those articles that described informed consent practices, regard-less of the context in which they are applied. In fact, many of them describe tools and approaches initially developed for regulating informed consent in the relations between patients and doctors or social workers, which appeared relevant for our specific purpose. A total of 257 articles did not meet the inclusion criteria. For the remaining 203 articles, the full text was scanned. This set contained 30 articles with a focus on our specific field of application. In addition to these articles, we included some articles from other sources, such as the references used in writing the research proposal or found through snowballing, i.e., the references made by authors in their texts. The manual search provided us with 17 additional articles relevant for the review; therefore, a total of 47 articles were included. Table 1 gives an overview Table 1 Overview of the included articles

Focus References

Definitions Consent Ach (2018), Bix (2018), Burkemper (2004), David et al. (2001), Dolan (2015), Eyal (2018), Grout (2004), Hurd (2018), Noain-Sánchez (2016), Sheehan and Martin (2011), Schofield (2014)

Legal requirements Ach (2018), Cradock et al. (2016), Crutzen et al. (2019), Custers et al. (2014), Custers (2016), Feiler et al. (2018), Hand (2006), Luger et al. (2014), Mai (2016), Mäkinen (2015), O’Kane et al. (2013), Oliver-Lalana (2004), Polcak (2009), Rosner (2014), Van Ooijen and Vrabec (2019)

Usability requirements Effectiveness Coles-Kemp and Kani-Zabihi (2010), Cheek (2008), Collins (2005), Garwood (2014), Kay and Terry (2010), Lie and Witteveen (2017), Moran et al. (2014), Sand et al. (2010), Schriver et al. (2010), Steinfeld (2016)

Efficiency Berger et al. (2014), Burmeister (2000), Coates and Ellison (2014), Jansen (2017), Lentz et al. (2016), Luger and Rodden (2014)

Satisfaction Bustos-Jiménez (2014), Coles-Kemp and Kani-Zabihi (2010), Kaye et al. (2015), Luger (2012), Miller and Boulton (2007), Noain-Sánchez (2016), Van Alsenoy et al. (2014)

(5)

of the articles included in the literature review according to their relevance for the questions that we aimed to answer.

Blueprint design

Requirements for informed consent extracted from the GDPR and literature review were combined to create a blueprint, covering ‘all possible’ varieties of an informed consent form that enables the data controller to derive a template for an informed consent form to be further filled in for a specific context (Fig. 1). In information modelling terms: the blueprint constitutes the class from which objects can be derived (Parsons and Wand 2000; Xinogalos 2015). The blueprint indicates, for instance, that the template must contain a description of one or more purposes. Further instructions provided alongside prompt the data controller to consider presenting some purposes as optional to the data subject. In other words, the blueprint describes the total set of obligatory variables to be included in an informed consent form and possible options in connection with these variables for the data controller to decide upon in creating a template. So, sticking with the example of the variable ‘purpose’, the blueprint dictates that at least one ‘purpose’ must be filled in and indicates that the data controller may specify multiple purposes, in which case the data control-ler must decide whether or not to enable selective consent, i.e., consent for a subset of these purposes. Based on what was indicated, a template will be created with additional instructions, e.g., on how to describe a purpose(s). This should result in an informed consent form, which at least meets legal requirements (ensured by the blueprint) and hopefully, based on additional instructions provided in the template, usability requirements for the informed consent form as well. In information modelling terms, the resulting informed consent form, to be filled in by the data subject, is called an instance of the class (Fig. 1).

The blueprint presented in this paper constitutes a first—‘rough’—draft rather than a detailed model elab-orated in a formal language, such as the Unified Mod-elling Language (UML 1997). Section “Blueprint for an informed consent template” describes the stepwise

approach taken in designing the blueprint. The blueprint is meant to inform future development of a wizard-like tool to support data controllers in creating an informed consent template through a series of choices. Whether or not these two steps of ‘template creation’ and ‘filling in the template’ might be combined and executed through a single wizard is an issue for future implementation. In this regard, the model presented in Fig. 1 represents a con-ceptual model. According to this model, usability is at stake, conceptually, at three subsequent moments in the process (Fig. 1): when the data controller uses the wizard (the blueprint) to create a template; when the data control-ler uses the template to create an informed consent form; when the data subject uses the informed consent form to reach a decision. In wait of future development of the blue-print into a wizard to support template creation, the first small scale usability study presented in this paper focusses on the experiences of data controllers using a mock-up of an informed consent template, as explained in more detail in the next section.

Usability study

Design

In order to understand how data controllers experience working with an informed consent template derived from the blueprint developed in the current study, we adopted a mixed-methods design with concurrent collection of quan-titative and qualitative data (Creswell 2013). Data were collected in an authentic (ecologically valid) context of data controllers: in this case, researchers needing to obtain informed consent from participants in their research. These researchers were presented with the template and requested to use the template to create an informed consent form for their own research. Quantitative data were collected using an adapted version of the System Usability Scale (SUS) (Bla-zica and Lewis 2015). Qualitative data consisted of ques-tions raised and feedback provided during and after task performance. Blueprint Class Template Object Form Instance Consent decision Wizard usability Template usability Form usability Fig. 1 Informed consent based on a blueprint

(6)

Participants

Participants (n = 5) in this study involved a convenience sample of researchers from various faculties of the Open University of the Netherlands. Three participants were male; ages ranged between 24 and 36 years (M = 29.6, SD = 4.8). Materials

The mock-up template used in the usability study was derived from the blueprint as described in section “Results”. The SUS consists of ten statements (e.g., “I found the sys-tem unnecessarily complex”, “I thought the syssys-tem was easy to use”) measured on a 5-point Likert scale ranging from ‘Strongly disagree’ (= 1) to ‘Strongly agree’ (= 5). The original SUS was adapted to better address the objectives of the current study. For instance, the statement “I think that I would like to use this system frequently” was transformed in “I think that I would like to use this template again next time”.

Procedure

A total of nine researchers were invited via email to par-ticipate in the study; five of them agreed. Participants were presented with the template and asked to use it to create an informed consent form for the participants in their own research. Apart from instructions integrated into the tem-plate, participants were given additional instructions (e.g., applying plain language) before they started working on the task. On average, the entire procedure took 55 min.

Data analysis

Data were analysed at the item level (frequencies to identify main areas for improvement). The qualitative data were used for the interpretation of the quantitative data and presented in section “Results” alongside the quantitative data, to ensure an integrated picture of the results.

Results

Definitions

There are different ways to look at the concept of consent. In normative theory, consent makes actions permitted that would otherwise be forbidden, creating rights and duties (Bix 2018). Similarly, Hurd (2018) describes consent as a right- and duty-constricting mechanism: for the party requesting consent, it implies a duty to inform and to request consent; for those requested to consent, it entails a right to be informed and to decide whether to consent.

With respect to the latter, consent is often linked to self-determination as “a practical application of respect for the [person’s] autonomy” (Ach 2018, p. 291). In social theory, consent is viewed as a social construction that is in the interest of all parties involved. Usually, informed consent involves trust between two parties, but in some cases, more parties are involved, for instance, in the case of a researcher or practitioner working within an institutional context: “Informed consent is not a principle, but a social construction […] It has evolved from statements of pro-fessional ethics to a set of tripartite protections for human subjects, researchers/practitioners, and their institutional affiliates […]” (Dolan 2015, p. 119). Closely related to this aspect, consent is also considered a means to preserve social trust (Eyal 2018).

For the current study, the definition provided by the GDPR is the most relevant as it establishes a requirement for consent to be informed. According to art. 4 GDPR, con-sent is “any freely given, specific, informed and unambigu-ous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. Although there is no definition of informed consent, the definition of consent makes clear that consent should be informed. In the contexts of research, health, and social care, the term ‘informed consent’ is commonly used where consent is typically described as a procedure for presenting information that must be given to the data subject to ensure a fair and transparent consent procedure (David et al. 2001; Grout 2004; Sheehan and Martin 2011; Schofield 2014). In line with this, Bix (2018) points out that consent is “to entail knowledge by the actor of all material circumstances, alternatives and consequences” (p. 223). Others accentuate the role of consent as “an instrument to provide users with appropriate information to protect their privacy” (Noain-Sánchez 2016, p. 126) or emphasise the voluntariness of the agreement, e.g., consent is "[…] giving of information to the client in order to gain that client’s voluntary agreement to a proposed […] interaction" (Burkemper 2004, p. 142). The voluntariness of consent is also reflected in the defini-tion provided by the GDPR which speaks of consent being “freely given” (art. 4 GDPR).

Of course, the GDPR is exclusively about consent to the processing of personal data. Personal data is “any informa-tion relating to an identified or identifiable natural person […]; an identifiable natural person is one who can be identi-fied, directly or indirectly, in particular by reference to an identifier such as a name, an identification number […]” (art. 4 GDPR). Processing of personal data is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring […]” (art. 4 GDPR).

(7)

Legal requirements

The preamble of the GDPR states that “personal data should be processed on the basis of the consent of the data subject”. Therefore, consent is a legal requirement of its own (Oliver-Lalana 2004; Polcak 2009), and it includes an information letter and a consent statement. The information requirements are formulated in art. 13 and art. 14 GDPR and oblige the data controller to provide at least the following information: (a) Data processing: the categories of personal data, the

purposes of and the legal basis for the processing; whether the provision of personal data is a statutory or contractual requirement; the period of storage or, if this is not possible, the criteria used to determine that period;

(b) Data controller and data processor: the identity of the data controller and the data processor (“a natural or legal person, public authority, agency or other body which processes personal data on behalf of the control-ler” (art. 4 GDPR)) in case the data controller and the data processor are separate entities; the contact details of the data controller and the data protection officer (DPO);

(c) Data subjects’ rights: the right to withdraw consent; the right to access and data portability; the right to rectifi-cation, erasure, and restriction of processing; the right to object and to lodge a complaint with a supervisory authority;

(d) Consequences, where applicable: the fact that the controller intends to transfer personal data to a third country or international organisation; the existence of automated decision-making, including profiling. Data processing

Art. 9 GDPR defines the special categories of sensitive personal data as: “…data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, […] genetic data, biometric data […], data concerning health or data concerning a natural person’s sex life or sexual orienta-tion […]”. However, this definiorienta-tion of sensitive data is not unambiguous, leaving it unclear whether data can be defined as sensitive in some situations (Mäkinen 2015). For instance, smart devices for the daily monitoring of health conditions collect information not only on health, but also on habits and lifestyle. It is unclear whether the latter categories are included in this definition of sensitive data. Even if they are not included, such data may still be considered sensitive by the data subject. Cradock et al. (2016) emphasise the need to further categorise (sensitive) personal data to better esti-mate possible risks for each category and to subsequently determine appropriate data protection mechanisms for each

category. In the context of e-assessment, for instance, a dis-tinction can be made between data that are used for identity verification purposes (for instance, facial images and voice recordings) and for authorship verification purposes (for instance, writing style and keystroke dynamics).

In addition to a) data processing, a second purpose of use can be defined in advance when necessary or desirable (O’Kane et al. 2013). In practice, data are often used for purposes that are different from the initial purposes (Hand 2006). To avoid additional consent procedures later, all pur-poses can be included and described in the initial consent procedure. In the application context of e-assessment, for instance, if an educational institution plans to use the data collected for authorship verification for the purposes of a sci-entific study as well, then this information can be included in the same consent procedure, helping both students and their educational institution save time and effort in obtain-ing consent.

Data controller and data processor

Here, a point to consider is that both the data controller and the data processor should designate a DPO who will serve as a contact point for data subjects (art. 24, 28, 37 GDPR). Data subjects may contact him/her with regard to any issues related to the processing of their personal data (art. 39 GDPR). Importantly, a DPO has a neutral position while advising either the data subject or the data control-ler or the data processor, and he/she has a duty of secrecy and confidentiality while performing his/her tasks (art. 38 GDPR). Art. 13 GDPR states that the data subject should be informed about “the contact details of the controller” as well as “the contact details of the data protection officer”. However, as noted by Feiler et al. (2018), the term ‘contact details’ is not specified in detail in the GDPR. Rec. 23 GDPR speaks of “an email address or any other contact details”. Data subjects’ rights

The GDPR grants rights to the data subject that enable him/ her to have control over and manage personal data related to him/her. The data subject should be informed about the existence of these rights as well as when and how they can be practically exercised (art. 12 GDPR). First, the right to access which is organised in two steps: the right to obtain information about data processing activities and the right to obtain a copy of personal data that are undergoing pro-cessing (art. 15 GDPR). Closely related to this right, the data subject is also granted a right to data portability which means that the data subject can request personal data related to him/her in a format that supports use in a different setting (art. 20 GDPR). The data subject might want to exercise this right, for example, in case the data controller does not

(8)

provide the expected or desired level of service. Further, when processing activities involve incorrect or incomplete data, the data subject may exercise his/her right to rectifica-tion (art. 16 GDPR). The erasure of personal data might be requested when, for instance, personal data processing is no longer needed or desired or personal data were unlawfully processed (art. 17 GDPR). Finally, the right to restriction means that the data subject might temporarily stop or limit processing when, for instance, legal grounds for rectifica-tion or erasure are further investigated and verified (art. 18 GDPR).

Establishing such an extensive list of the data subject’s rights is justified by the fact that consent should be based on a sense of autonomy (Ach 2018). These rights are intended to affirm the data subject’s autonomy in exercising certain rights. To facilitate this, rec. 59 GDPR states that “the con-troller should also provide means for requests to be made electronically, especially where personal data are processed by electronic means”. Although not immediately relevant in terms of requirements for the blueprint, it is highly rel-evant in terms of practical application. In this respect, it is noteworthy that an electronic request (e.g., via an email) may trigger reasonable doubts about the identity of a person making the request (Feiler et al. 2018). The GDPR does not elaborate on the identification of the data subject.

Consequences

Under (d) consequences, we mentioned automated decision-making, which means evaluating personal aspects based solely on automated processing. In automated processing, for instance, e-recruiting without human intervention or an online credit application (art. 22 GDPR), the data subject should be pro-vided with “meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject” (art. 12 GDPR). In other words, algorithms should be explained “to ensure fair and transpar-ent processing taking into account the specific circumstances and context” (rec. 60 GDPR). This obligation raises the ques-tion of how to explain algorithms involved, and what exactly needs to be revealed to the data subject (Crutzen et al. 2019). Although explaining algorithms could make a decision-making process more clearly “visible”, it may fail “to solve the problem of information complexity, as it only provides a general expla-nation […] and does not explain what are actual implications for an individual” (Van Ooijen and Vrabec 2019, p. 104).

For the purpose of this study, the focus in this section was on generic requirements following from the GDPR. In this respect, it is relevant to point out that the GDPR estab-lishes minimum requirements for informed consent which are binding for all EU member states. However, on top of these requirements, additional requirements and conditions may be specified on a national or institutional level (art. 23 GDPR),

for instance, related to age, physical, and mental health issues (art. 18 GDPR). Still, meeting these legal requirements pro-vides no guarantee that the needs of the data subject are suf-ficiently met (Custers et al. 2014; Custers 2016; Mai 2016). Legal requirements establish guidelines mainly as to what information should be provided in a consent form. Regarding ‘how’ this information should be provided, the GDPR con-tains only a few generic guidelines. First, rec. 39 GDPR intro-duces the principle of transparency which requires that any information “be easily accessible and easy to understand, and that clear and plain language be used”. Second, art. 12 GDPR adds that information “may be provided in combination with standardised icons in order to give in an easily visible, intelli-gible and clearly leintelli-gible manner a meaningful overview of the intended processing”. With respect to the latter, there is a risk in the use of icons as they only provide a partial description of the data processing and may lead readers to ignore relevant textual information (Van Ooijen and Vrabec 2019).

In conclusion, many questions remain unanswered regard-ing ‘how’ (Luger et al. 2014; Rosner 2014): how to accom-modate legal requirements for informed consent. This issue of ‘how’ is further elaborated by drawing on insights gained through usability studies concerning informed consent.

Usability requirements

When it comes to the usability requirements for informed consent, two parties are involved: the data controller respon-sible for providing information, and the data subject who is asked to consent based on the information provided. From the point of view of the data controller, the blueprint for an informed consent template can prove more usable if it is both adaptive and adaptable (Park and Han 2012). For instance, in the context of e-assessment, the blueprint can automatically adapt according to a particular set of instru-ments for identity and authorship verification to be deployed. From the point of view of the data subject, adaptability and adaptivity can also be desirable while filling in an informed consent form. For instance, through an opportunity to con-sent only to the use of a particular type of personal data. The usability studies included in the literature review provided us with the leads for design and evaluation criteria follow-ing the three usability dimensions: effectiveness, efficiency, and satisfaction.

Effectiveness

Effectiveness is to be understood as the “accuracy and completeness with which users achieve specified goals” (ISO 1998). A study by Moran et al. (2014) showed that less educated people can hardly understand information provided in an informed consent procedure. The authors discuss the importance of using plain language to ensure

(9)

that people, irrespective of their educational level, under-stand information provided to them. Similarly, the plain language movement attempts to reform traditional legal writing (Collins 2005; Garwood 2014). As defined by Redish, when people can find information they need, understand it from the first time they read it, and use this information to perform a task, it is plain language (as cited in Schriver et al. 2010). Over the past decades, plain lan-guage advocates have developed some techniques—a basis for a plain language standard—including word-level and sentence-level techniques.

Word-level techniques basically target word length, word difficulty, and word concreteness (Cheek 2008). Short words are easier to recognise and interpret because they are also high-frequency words (words that native speakers hear all the time and require little attention to understand). Regard-ing word difficulty, simple words (as defined by Stanovich and Bauer, words that are “easy to pronounce” or with “few syllables” (as cited in Cheek 2008, p. 24)) are almost always a better choice unless there are reasons to use more complex words. Finally, concrete words are preferred over abstract words: they are easier to learn because they evoke more visual imagery. Sentence-level techniques basically require to use simple sentences, to avoid long sentences, and to keep clauses short (Schriver et al. 2010). A simple sentence is not necessarily a short sentence. Apparently, it is not the length of sentences that matters, but syntax and structure: clear syntax and structure help to read the text and process the meaning more quickly. In summary, short sentences should be balanced with well-written longer sentences. Part of writ-ing good longer sentences is to keep clauses short as long clauses complicate keeping track of what is going on in the sentence.

Taking into consideration that information provided in an informed consent procedure can be quite complex, plain language is a key requirement for making consent truly informed (Kay and Terry 2010; Sand et al. 2010; Steinfeld 2016). Some authors believe that having a dialogue is con-ditional for effective communication of informed consent (Coles-Kemp and Kani-Zabihi 2010; Lie and Witteveen 2017). Although this is an important consideration, this is an implementation issue, and as such, out of the scope of the current paper. The blueprint, template, and final informed consent form must be considered as a foundation on which a further dialogue can be built.

Efficiency

Efficiency is defined as “resources expended in relation to the accuracy and completeness with which users achieve goals” (ISO 1998). An efficient informed consent form ena-bles the data subject to reach an informed decision with the least possible effort. Insights from the field of information

design [as defined by the International Institute for Infor-mation Design, “the defining, planning, and shaping of the contents of a message and the environments in which it is presented, with the intention to satisfy the information needs of the intended recipients” (as cited in Coates and Ellison 2014)] are crucial in establishing efficiency.

When applied successfully, information design can help solve the problem of a large amount of information, for instance, through creating layers of information (Lentz et al. 2016; Jansen 2017). In this way, a first layer could be cre-ated for ‘minimally required’ information offered to all data subjects, while more detailed information could be made available in a second layer for those who seek additional information. Berger et al. (2014), in a medical context, pro-pose to distinguish layers based on the importance of infor-mation from the data subject’s point of view since their study showed that data subjects consider some information more important than other information. Information considered less important could be provided in a “silent mode” (through a ‘Read more’ button or a link to another webpage) or pro-vided separately upon request. In any case, creating layers can help in obtaining an overview of information, navigating through it, and finding what is needed in the first instance (Burmeister 2000; Luger and Rodden 2014).

Information design also refers to typographic elements, graphic elements, imagery, and colour (Coates and Ellison 2014). Typographic elements (e.g., letter type, size, weight) can be effectively used to create visual rhythm and pace. Graphic elements (e.g., headers, bulleted lists, tables) can help communicate complex information, especially when readers have various educational or cultural backgrounds. Imagery (e.g., illustrations, photographs, icons) is a power-ful tool that can be used in a variety of forms to attract read-ers’ attention. Colour is important when designing a large amount of information: attaching a specific colour to a group of content makes it easy to distinguish from any different group of content.

Satisfaction

In a usability context, satisfaction means “freedom from dis-comfort, and positive attitudes towards the use of the prod-uct” (ISO 1998). Information should be presented without coercion or undue influence and in a manner that encour-ages the data subject to ask questions (Burmeister 2000). An attempt at increasing satisfaction with an informed consent procedure is dynamic consent (Coles-Kemp and Kani-Zabihi 2010; Kaye et al. 2015). Dynamic consent is a new approach characterised by an interactive personalised interface that allows the data subject “to engage as much or as little as they choose and to alter their consent choices in real time” (Kaye et al. 2015, p. 142). Dynamic consent, first of all, enables participants to modify their consent decision over time (e.g.,

(10)

to withdraw consent); second, it supports in decision-making through a variety of decision aids; third, it allows to main-tain a better communication process (e.g., a chat window to directly ask questions and a notification system when new actions or ethical issues arise); finally, it provides a record of all interactions in ‘one place’. In other words, dynamic consent places the data subject in the centre of decision-making and makes the whole informed consent procedure more actionable (Bustos-Jiménez 2014; Van Alsenoy et al. 2014).

In the context of e-assessment, for example, students might be enabled to select purposes (identity and/or author-ship verification), and/or categories of personal data: to con-sent to identity verification only (not authorship verification) or to consent to identity verification through voice recog-nition only (and not, for instance, face recogrecog-nition), i.e., ‘selective consent’ (Coles-Kemp and Kani-Zabihi 2010). If a student provides consent to identity verification through voice recognition only, then a consent form automatically requests consent for processing of this category of personal data only (adaptivity).

Another important requirement regarding satisfaction is timing: data subjects should have sufficient time to read information, ask questions and think about their decision, to arrive at what matches their preferences (Luger 2012; Noain-Sánchez 2016; Miller and Boulton 2007). This requirement is also an implementation issue, but only partly: information provided in connection with informed consent should also clarify when the decision is due.

In conclusion, the literature review shows that there are already many initiatives regarding how to improve informed consent procedures. However, not all of them have been systematically evaluated. In addition, none of these initia-tives considered the option of developing a blueprint for an informed consent template.

Usability aspects described in this section apply to all three levels included in Fig. 1: blueprint, template, and informed consent form. However, for the template, usabil-ity is a coin with two sides: the template must be usable for the data controller and must be filled in, in compliance with usability criteria for the informed consent form. The next section describes the design (including the design process) of the blueprint and further explains the relation with the template.

Blueprint for an informed consent template

The blueprint aims at helping data controllers fulfil all the legal requirements in creating a template for an informed consent form, which in turn should help ensure that data sub-jects receive information in a way that enhances informed decision making. The blueprint and the template derived from it were designed through a number of subsequent steps.

First, an overview of legal requirements was created. The first column of Table 2 presents this overview with: (a) legally required (obligatory) information elements in

bold capital letters in a logical order (e.g., purpose first);

(b) choices for the data controller are indicated by radio buttons ○ (e.g., single or multiple purposes);

(c) additional options are indicated by a checkbox □ (e.g., in case of multiple purposes, the data subject can opt in / out for each of these).

Second, as some of the usability requirements found in the literature review apply to the level of implementation rather than the design of an informed consent form, the next step entailed filtering out usability requirements not directly relevant for the design of an informed consent form (e.g., enabling withdrawal of consent in the same way consent was obtained (art. 7 GDPR)). Remaining usability requirements target two levels:

(a) usability requirements for the template (instructions to support the ‘fill in’ process presented in Table 2 as text in italics; functionalities (e.g., add purpose)—text in italics in squared brackets);

(b) usability requirements for the informed consent form (e.g., plain language). These have been translated to additional instructions to be provided alongside the template.

As mentioned, Table 2 presents a first ‘rough’ draft of the blueprint. More intricate functionality, e.g., enabling a layered design as suggested by some authors, has not been included in this first draft. Besides, the presented ‘translation’ of the blueprint to a template is, necessarily due to the descriptive format, rudimentary. For instance, the template now contains rudimentary functionality, e.g., ‘add’ options, when depending on the choices described in the blueprint, the data controller may not simply ‘add’, e.g., a purpose, but may need to indicate for each added purpose whether or not the purpose should be presented as ‘optional’ to the data subject. Nevertheless, this first draft should sufficiently illustrate the range of complexity levels, e.g., from consenting to a single purpose requiring the use of only a limited set of personal data, to which the data subject can respond with ‘Yes’ or ‘No’, to more elaborate designs involving multiple purposes, requiring different (sets of) personal data, on which the data sub-ject can decide separately (selective consent). The rela-tive straightforward template presented in the right-hand column of Table 2 was used to evaluate data controllers’

(11)

Table 2 Blueprint and template to create an informed consent form

Blueprint Template

PURPOSE(S) Purpose(s)

Describe the context and purpose(s) of personal data processing, e.g., purpose of research, technology used, learning services provided, etc

Select:

○ single purpose Your personal data is requested for the following purpose: …

○ multiple purpose(s) of personal data collection Your personal data is requested for the following purposes: …

[add purpose]

Check if applicable:

□ (subset of) purposes is optional [indicate for each purpose whether it is optional]

PERSONAL DATA TYPE(S) Personal data type(s)

Specify in detail all sensitive (e.g., images of face, video recordings or specific health data) and/or non-sensitive data (e.g., name, age or date of birth)

Select:

○ single type of personal data The following type of personal data is requested: … ○ multiple types of personal data The following types of personal data are requested: …

[add personal data type]

Check if applicable:

□ (subset of) personal data types [indicate for each type of personal data whether it is optional]

STORAGE PERIOD Storage period

Specify a date or occasion when storage starts, and a period of time or end date when storage ends

Select:

○ Single storage period Start: …

Period or end date: …

○ Storage period depends on purpose Start: …

Period or end date: …

[add storage period]

○ Storage period depends on personal data type Start: …

Period or end date: …

[add storage period]

DATA CONTROLLER(S) Data controller(s)

Introduce the data controller, e.g., a person or entity determining the purpose and means of personal data processing, and provide contact information, e.g., email address, telephone number, postal address

The data controller is the person (or entity) determining the purpose and means of personal data processing:

Select:

○ single data controller Name of a person / entity: …

Contact information: …

○ multiple data controllers Name of a person / entity: …

Contact information: …

[add data controller]

DATA PROCESSOR(S) (if other than data controller) Data processor(s) Check if applicable:

□ data controller(s) and data processor(s) are the same

Introduce the data processor, e.g., a person or entity processing per-sonal data on behalf of the data controller

The data processor is the person (or entity) processing personal data on behalf of the data controller:

(12)

Table 2 (continued)

DATA PROCESSOR(S) (if other than data controller) Data processor(s)

○ Single data processor Name of a person / entity: …

○ Multiple data processors Name of a person / entity: …

[add data processor]

VOLUNTARINESS Voluntariness

Sharing your personal data for the purpose(s) explained above is entirely voluntary. You can withdraw your consent at any time without giving a reason

CONSEQUENCES Consequences

Explain consequences of sharing personal data and not sharing per-sonal data

Consenting to sharing your personal data will mean: … If you decide not to consent, this will mean: …

DATA SUBJECT RIGHTS Data subject rights

THE RIGHT TO DELETE The right to delete

You can request to delete personal data collected from you when, for instance, it is incorrect

THE RIGHT TO PORTABILITY The right to portability

You can request the provision of your personal data in a format that allows you to use this data in a different setting

THE RIGHT TO OBJECT The right to object

You can submit a complaint when, for instance, processing of your personal data demonstrates a risk situation for you

Check if applicable*:

□ data processing is carried out solely in the context of research * if checked the following data subject rights, which are otherwise

obligatory, become optional

THE RIGHT TO ACCESS The right to access

You can request information about the processing of your personal data, including a copy of personal data that is under processing

THE RIGHT TO CORRECT The right to correct

You can request a correction of your personal data when processing involves incorrect or incomplete personal data

THE RIGHT TO RESTRICT The right to restrict

You can request to restrict processing of your personal data when, for instance, legal grounds (such as consent) for processing should be investigated

CONTACT INFORMATION Contact information

Introduce a contact person and/or provide contact information e.g., email address, telephone number, postal address

FOR ADDITIONAL INFORMATION For additional information

For additional information, please, contact: … TO EXERCISE THE DATA SUBJECT RIGHTS To exercise the data subject rights

To exercise (one of) your rights, please, contact: …

DATA PROTECTION OFFICER Data protection officer

For any issues regarding your personal data processing, please, contact the Data protection officer: …

DATA PROTECTION AUTHORUTY Data protection authority

For issues that cannot be solved with the Data Protection Officer you can contact the Data protection authority: …

CONSENT Consent

(13)

experiences in working with the template to create an informed consent form.

Evaluation of the informed consent template

This section describes the results of the small scale usabil-ity study. Table 3 provides the frequencies of participants’ responses to the items constituting the SUS.

All participants agreed to item 5: “I find the various information requirements for informed consent are well integrated in this template”. This can be considered a reas-suring result as this may well be considered the main ration-ale behind the use of the template. However, there is room for improvement, as suggested by the less favourable scores (bold values) in Table 3. Participants also indicated that they need support to be able to use the template (item 4) and that they need to learn a lot of things before they can get going with this template (item 10).

Further feedback provided by participants during the interviews confirmed the appreciation of the integrative character of the template, for instance, through a reported

sense of safety evoked by the template that it holds all the information requirements for informed consent established by the GDPR in ‘one place’: “The template provides all information needed to be included in an information let-ter”, or “It gives me the feeling that I am surely comply-ing with the GDPR”. Furthermore, participants commented that the template being presented in “a condensed format” accompanied by “additional guidelines” makes “the fill in process easier”.

Nevertheless, during the interviews, participants also reported a lack of support: “You need help for deciding what is particularly useful for your research”. At the same time, they indicated not to be sure whether they lack sup-port from the system or an appropriate level of knowledge about how to conduct research involving the collection of personal data. Another reported difficulty was related to understanding functionalities integrated in the template. It was not immediately clear, for instance, that the template was meant to support selective consent. When asked for recommendations, four participants came up with basically two recommendations. First, it was suggested to provide Table 2 (continued)

CONSENT Consent

I read the information and had an opportunity to ask questions. I con-sent to my personal data being processed for the purposes described

SIGNATURE Signature

Name: Date of birth: Signature:

COPY Copy

Explain how a copy will be provided to the data subject

A copy of the signed informed consent form will be made available to you for your own use through: …

Table 3 SUS item score frequencies

Strongly

disagree Disagree Neutral Agree Strongly agree

1. I think that I would like to use this template next time again 1 2 2

2. I find the template unnecessarily complex 2 2 1

3. I think the template is easy to use 2 2 1

4. I think that I need support to be able to use this template 2 1 2

5. I find the various information requirements for informed

consent are well integrated in this template 3 2

6. I think the various information requirements for informed

consent are poorly explained in the template 1 3 1

7. I can imagine that most people would learn to use this

template very quickly 1 3 1

8. I find the template very cumbersome to use 2 3

9. I feel very confident using the template 1 1 1 2

10. I need to learn a lot of things before I can get going with

(14)

more explanatory information, for instance, to clarify the distinction between the data controller and the data proces-sor, or the role of the DPO. Second, participants would like to have more examples of how to fill in the template, for instance, with respect to the consequences of consenting and/or not consenting, when collecting personal data in a specific context.

Conclusions and Discussion

Various studies have shown that meeting legal requirements related to obtaining consent to the use of personal data, i.e., providing necessary information and requesting consent, does not guarantee an obtained consent is an informed, ethically invalid, consent. In this regard, Luger et al. (2014) speak of the need to move beyond the current flawed con-sent practices to more embedded approaches that balance legal, ethical, and technological perspectives. The authors propose to place consent “under control of the user, casting the design of systems as a central mechanism by which this should be achieved” (p. 615). Rosner (2014) adds to this discussion by stressing out the importance of shifting control over personal data to the data subject: “The growth of cloud computing […] implies an even greater need to frame infor-mational control in more appropriate terms of rights […] Efforts to shift the value inequality between data sources and collectors are still in their infancy […] An emphasis away from the concept of data ownership towards actual control and rights regimes is essential to re-frame discussion of consent” (p. 628).

In the current study, a blueprint for an informed consent template form was presented with the aim to support data controllers in establishing informed consent that is both compliant with the legal requirements and responds to the data subject’s needs (usability). The blueprint should con-tribute to strengthening data subjects’ control over personal data, for instance, by prompting data controllers—in line with the GDPR—to actively consider selective consent and by supporting the elaboration of selective consent designs in an informed consent template. The usability study results reported in this paper in relation with an informed consent template revealed the need to provide substantial explana-tory information, including examples for data controllers on how to fill in the template. Still, overall results can be con-sidered encouraging as the current study involved a mock-up template. The envisioned wizard-like approach seems par-ticularly suitable to provide supportive information just in time and on demand. A challenge will be to ‘translate’ this (legal) information into plain language and practical terms, e.g., to explain consequences to data subjects. The Crea-tive Commons solution achieved in the area of copyrights might be considered exemplary in this respect. Nevertheless,

taking things further from here will still require considerable effort on various levels: to develop a formalised model of the blueprint to support software development for informed con-sent; further, usability studies with data controllers consider-ing various contexts and various levels of complexity; and, last but not least, experts’ evaluations and usability studies of the resulting informed consent forms.

Usability requirements (effectiveness, efficiency, and satisfaction) need to be translated into specific evaluation criteria, such as the time spent reading and the level of infor-mation uptake and comprehension. Future investigations should explore various functionalities, such as the use of icons, providing information in layers, and selective consent. Finally, to understand whether a decision is freely made, a close examination of the reasons behind a particular deci-sion is needed.

Acknowledgement This project has been co-funded by the HORI-ZON 2020 Programme of the European Union. Project number: 688520—TeSLA—H2020—ICT—2015/H2015—ICT—2015. Open Access This article is licensed under a Creative Commons Attri-bution 4.0 International License, which permits use, sharing, adapta-tion, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creat iveco mmons .org/licen ses/by/4.0/.

References

Ach, J. (2018). Consent and medical treatment. In A. Müller & P. Schaber (Eds.), The Routledge handbook of the ethics of consent (pp. 285–297). Abington: Taylor & Francis Group.

Bashir, M., Hayes, C., Lambert, A. D., & Kesan, J. P. (2015). Online privacy and informed consent: The dilemma of information asym-metry. In Proceedings of the Association for Information Science

and Technology, ASIST 2015 (pp. 1–10). Saint Louis, MO. https ://doi.org/10.1002/pra2.2015.14505 20100 43

Berger, O., Sand, K., Johansen, I., Loge, J. H., Kaasa, S., & Grønberg, B. H. (2014). What do cancer patients and members of ethical review boards in Norway consider important elements of informed consent documents? AJOB Empirical Bioethics, 5(4), 1–13. https ://doi.org/10.1080/23294 515.2014.93819 9.

Bix, B. (2018). Consent and contracts. In A. Müller & P. Schaber (Eds.), The Routledge handbook of the ethics of consent (pp. 222–235). Abington: Taylor & Francis Group.

Blazica, B., & Lewis, J. R. (2015). A Slovene translation of the system usability scale: The SUS-SI. International Journal of

Human-Computer Interaction, 31(2), 112–117. https ://doi. org/10.1080/10447 318.2014.98663 4.

Böhme, R., & Köpsell, S. (2010). Trained to accept? A field experi-ment on consent dialogs. In Proceedings of the 28th International

(15)

Conference on Human Factors in Computing Systems (pp. 2403–

2406). Atlanta, GA. https ://doi.org/10.1145/17533 26.17536 89. Burgess, M. (2007). Proposing modesty for informed consent. Social

Science & Medicine, 65, 2284–2295. https ://doi.org/10.1016/j. socsc imed.2007.08.006.

Burkemper, E. (2004). Informed consent in social work ethics educa-tion: Guiding student education with an informed consent tem-plate. Journal of Teaching in Social Work, 24(2), 141–160. https ://doi.org/10.1300/J067v 24n01 .

Burmeister, O. K. (2000). Usability testing: Revisiting informed consent procedures for testing internet sites. In Proceedings

of the 2nd Australian Institute of Computer Ethics Conference

(pp. 3–9). Canberra. Retrieved from https ://dl.acm.org/citat ion. cfm?id=56371 7.

Bustos-Jiménez, J. (2014). Do we really need an online informed con-sent? Discussion from a technocratic point of view. In

Proceed-ings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, UbiComp 2014 (pp. 629–634).

Seat-tle, WA. https ://doi.org/10.1145/26387 28.26416 83.

Cheek, A. (2008). International plain language standards—the view from the Center for Plain Language. Clarity, 59, 21–28. Coates, K., & Ellison, A. (2014). An introduction to information

design. London: Laurence King Publishing.

Coles-Kemp, L., & Kani-Zabihi, E. (2010). On-line privacy and con-sent: A Dialogue, Not a Monologue. In Proceedings of the New

Security Paradigms Workshop, NSPW 2010 (pp. 95–105).

Con-cord, MA. https ://doi.org/10.1145/19005 46.19005 60

Collins, K. D. (2005). The use of plain-language principles in texas litigation formbooks. Review of Litigation, 24(2), 429–472. Cradock, E., Stalla-Bourdillon, S., & Millard, D. (2016). Nobody puts

data in a corner? Why a new approach to categorising personal data is required for the obligation to inform. Computer Law &

Security Review: The International Journal of Technology Law and Practice, 5, 1–17. https ://doi.org/10.1016/j.clsr.2016.11.005. Creswell, J. W. (2013). Educational research: Planning, conducting,

and evaluating quantitative and qualitative research (4th ed.).

London: Pearson Education Limited.

Crutzen, R., Peters, G. Y., & Mondschein, C. (2019). Why and how we should care about the General Data Protection Regu-lation. Psychology & Health, 34(11), 1347–1357. https ://doi. org/10.1080/08870 446.2019.16062 22.

Custers, B. (2016). Click here to consent forever: expiry dates for informed consent. Big Data & Society, 3(1), 1–6. https ://doi. org/10.1177/20539 51715 62493 5.

Custers, B., Van der Hof, S., & Schermer, B. (2014). Privacy expec-tations of social media users: The role of informed consent in privacy policies. Policy and Internet, 6(3), 268–295. https ://doi. org/10.1002/1944-2866.POI36 6.

David, M., Edwards, R., & Alldred, P. (2001). Children and school-based research: ‘informed consent’ or ‘educated consent’?

Brit-ish Educational Research Journal, 27(3), 347–365. https ://doi. org/10.1080/01411 92012 00483 40.

Dolan, T. (2015). Does the principle of informed consent apply to futures studies research? Futures, 71, 114–121. https ://doi. org/10.1016/j.futur es.2014.09.002.

Drachsler, H., & Greller, W. (2016). Privacy and analytics—it’s a DELICATE issue: A checklist for trusted learning analytics. In

Proceedings of the 6th Conference on Learning Analytics and Knowledge, LAK 2016 (pp. 1–10). Edinburgh: ACM. https ://doi. org/10.1145/28838 51.28838 93

Edelson, D. C. (2009). Design research: What we learn when we engage in design. Journal of the Learning Sciences, 11(1), 105–121.

Elsen, M., Elshout, S., Kieruj, N., & Benning, T. (2014). Onderzoek

naar privacyafwegingen. Retrieved from https ://www.cente rdata .nl/sites /defau lt/files /besta nden/onlin e_priva cy.pdf

Ergonomic Requirements for Office Work with Visual Display Ter-minals (VDTs)—Part 11: Guidance on usability, Pub. L. No. ISO 9241–11:1998 (1998). International Organization for Standardization. Retrieved from https ://www.iso.org/obp/ ui/#iso:std:iso:9241:-11:ed-1:v1:en

Eyal, N. (2018). Infomed consent. In A. Müller & P. Schaber (Eds.),

The Routledge handbook of the ethics of consent (pp. 272–285).

Abington: Taylor & Francis Group.

Feiler, L., Forgo, N., & Weigly, M. (2018). The EU General Data

Protection Regulation (GDPR): A commentary. London: Globe

Law and Business.

Garwood, K. (2014). Plain, but not simple: Plain language research

with readers, writers, and texts.

Gaytan, J., & McEwen, B. C. (2007). Effective online instructional and assessment strategies. American Journal of Distance Education,

21(3), 117–132. https ://doi.org/10.1080/08923 64070 13416 53. Greener, S. (2016). Unlearning with technology. Interactive Learning

Environments, 24(6), 1027–1029. https ://doi.org/10.1080/10494 820.2016.12200 52.

Grout, G. (2004). Using negotiated consent in research and practice.

Nursing Older People, 16, 18–20. https ://doi.org/10.7748/nop20 04.06.16.4.18.c2314 .

Hand, D. J. (2006). Protection or privacy? Data mining and personal data. In Proceedings of the 10th Pacific-Asia Conference on

Knowledge Discovery and Data Mining, PAKDD 2006 (pp. 1–10).

Singapore. https ://doi.org/10.1007/11731 139_1.

Hurd, H. (2018). The normative force of consent. In A. Müller & P. Schauber (Eds.), The Routledge handbook of the ethics of consent (pp. 44–55). Abington: Taylor & Francis Group.

Jansen, M. (2017). De privacy-paradox: steeds meer informatie ver-strekken, maar wel zo compact en simpel mogelijk alstublieft. Retrieved from https ://www.dirkz wager .nl/kenni s/artik elen/de-priva cy-parad ox-steed s-meer-infor matie -verst rekke n-maar-wel-zo-compa ct-en-simpe l-mogel ijk-alstu blief t/

Jensen, C., & Potts, C. (2004). Privacy policies as decision-making tools: an evaluation of online privacy notices. International

Jour-nal of Human-Computer Interaction, 6(1), 471–478. https ://doi. org/10.1145/98569 2.98575 2.

Jesson, J. K., Matheson, L., & Lacey, F. M. (2011). Doing your

litera-ture review. Traditional and systematic techniques. London: Sage.

Joint information systems committee. (1993). Retrieved from https :// www.jisc.ac.uk/.

Jones, D. R. (2011). Academic dishonesty: Are more students cheating?

Business Communication Quarterly, 74(2), 141–150. https ://doi. org/10.1177/10805 69911 40405 9.

Kay, M., & Terry, M. (2010). Textured agreements: Re-envisioning electronic consent. In Proceedings of the Symposium on Usable

Privacy and Security, SOUPS 2010 (pp. 1–13). Redmond, WA.

https ://doi.org/10.1145/18371 10.18371 27

Kaye, J., Whitley, E. A., Lund, D., Morrison, M., Teare, H., & Melham, K. (2015). Dynamic consent: A patient interface for twenty-first century research networks. European Journal of Human Genetics,

23, 141–146. https ://doi.org/10.1038/ejhg.2014.71.

Kobsa, A., Cho, H., & Knijnenburg, B. (2016). The effect of person-alization provider characteristics on privacy attitudes and behav-iors: An elaboration likelihood model approach. Journal of the

Association for Information Science and Technology, 67(11),

2587–2606. https ://doi.org/10.1002/asi.23629 .

Lentz, J., Kennett, M., Perlmutter, J., & Forrest, A. (2016). Paving the way to a more effective informed consent process: Recommen-dations from the Clinical Trials Transformation Initiative.

Con-temporary Clinical Trials, 49, 65–69. https ://doi.org/10.1016/j. cct.2016.06.005.

Lie, R., & Witteveen, L. (2017). Visual informed consent: Informed consent without forms. International Journal of Social Research

Cytaty

Powiązane dokumenty

Informacje źródłowe wykorzystane w niniejszym artykule wskazują, że an- tyczni autorzy piszący o zamachu dokonanym na G. Juliusza Cezara 15 marca 44 roku obok głównych

Таблиця 5 Порівняння результатів діагностики за основними компонентами емоційної компетентності здобувачів (констатувальний

Dział Wspomnienia zawiera rozważania Andrzeja Królika o bialskiej Kolei Wąskotorowej, funkcjonującej do roku 1972, a także wspomnienia Henryka Czarkowskiego o

In Europe the Ener- gy Performance of Buildings Directive and the Energy Efficiency Directive are driving forces for EU Member States to develop and strengthen energy

Voor de verdeling van de totals toegevoerde warmte wordt aangenomen dat de gehele ingespoten hoeveelheid brandstof. isochoor verbrandt, indien deze hoeveelheid

Downloaded by [Universitaetsbibliothek Bielefeld] at 22:39 11 November 2015.. the full coverage of all Chinese citizens via a widening social safety net. Despite a strong..

18 Paweł Litwiński, “komentarz do artykułu 58,” in EU Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of

Nie warty gniewu smutek jest zbyteczną szatą... Сильне керування родовим відмінком підтримується інформативною недостатністю прикметника. Прикметник